diff --git a/flake.nix b/flake.nix index 805c81f..01c4906 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,6 @@ }; #keep-sorted start block=yes - flake-parts = { url = "github:hercules-ci/flake-parts"; #inputs.nixpkgs.follows = "nixpkgs"; @@ -97,28 +96,18 @@ inputs@{ self, nixpkgs, - home-manager, # keep-sorted start - lanzaboote, niri, nix-vscode-extensions, - nixos-generators, - nixos-raspberrypi, nixpkgs-unstable, - servicepoint-cli, - servicepoint-simulator, - servicepoint-tanks, - stylix, treefmt-nix, - zerforschen-plus, # keep-sorted end ... }: let - devices = import ./devices.nix { inherit self; }; inherit (nixpkgs) lib; - forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; - supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices; + nixosConfigurations = import ./nixosConfigurations.nix { inherit inputs lib; }; + supported-systems = lib.unique (lib.mapAttrsToList (_: v: v.pkgs.system) nixosConfigurations); treefmt-config = { projectRootFile = "flake.nix"; programs = { 
@@ -147,37 +136,17 @@ in { overlays = { - unstable-packages = final: prev: { + unstable = final: prev: { unstable = import nixpkgs-unstable { localSystem = prev.stdenv.hostPlatform; inherit (prev) config; }; }; + vscodeExtensions = nix-vscode-extensions.overlays.default; + niri = niri.overlays.niri; }; - nixosModules = (importModuleDir ./nixosModules) // { - niri = - { pkgs, ... }: - { - imports = [ niri.nixosModules.niri ]; - nixpkgs.overlays = [ niri.overlays.niri ]; - - programs.niri = { - enable = true; - #package = pkgs.niri-stable; - }; - }; - pkgs-unstable = { - nixpkgs.overlays = [ self.overlays.unstable-packages ]; - }; - pkgs-vscode-extensions = { - nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ]; - }; - # required modules to use other modules, should not do anything on their own - default = { - imports = [ self.nixosModules.allowed-unfree-list ]; - }; - }; + nixosModules = importModuleDir ./nixosModules; homeModules = importModuleDir ./homeModules; homeConfigurations = { @@ -185,38 +154,7 @@ ronja = ./homeConfigurations/ronja; }; - nixosConfigurations = forDevice ( - { - device, - system, - home-manager-users ? { }, - nixosSystem ? nixpkgs.lib.nixosSystem, - ... - }: - let - specialArgs = inputs // { - inherit device home-manager-users devices; - }; - in - nixosSystem { - inherit specialArgs; - modules = [ - { - imports = [ - ./nixosConfigurations/${device} - self.nixosModules.global-settings - ] - ++ (lib.optionals (home-manager-users != { }) [ - self.nixosModules.global-settings-desktop - ]); - - nixpkgs = { - hostPlatform = lib.mkDefault system; - }; - } - ]; - } - ); + inherit nixosConfigurations; formatter = forAllSystems ({ treefmt-eval, ... }: treefmt-eval.config.build.wrapper); diff --git a/homeConfigurations/muede/default.nix b/homeConfigurations/muede/default.nix index 767b40e..185476d 100644 --- a/homeConfigurations/muede/default.nix +++ b/homeConfigurations/muede/default.nix 
@@ -1,4 +1,4 @@ -{ pkgs, self, ... }: +{ pkgs, ... }: { imports = [ # keep-sorted start diff --git a/homeModules/git.nix b/homeModules/git.nix deleted file mode 100644 index 2c66c82..0000000 --- a/homeModules/git.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - programs.git = { - enable = true; - settings.init.defaultBranch = "main"; - }; -} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix new file mode 100644 index 0000000..9fb2cf2 --- /dev/null +++ b/nixosConfigurations.nix 
@@ -0,0 +1,127 @@ +{ + inputs, + lib, +}: +let + devices = import ./devices.nix { inherit (inputs) self; }; + inherit (inputs) + self + home-manager + lanzaboote + nova-shell + servicepoint-cli + servicepoint-simulator + servicepoint-tanks + stylix + zerforschen-plus + ; + forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; +in +forDevice ( + { + device, + system, + home-manager-users ? { }, + nixosSystem ? inputs.nixpkgs.lib.nixosSystem, + ... + }: + let + specialArgs = inputs // { + inherit device home-manager-users devices; + }; + in + nixosSystem { + inherit specialArgs; + modules = [ + ./nixosConfigurations/${device} + self.nixosModules.default + + # keep-sorted start + home-manager.nixosModules.home-manager + lanzaboote.nixosModules.lanzaboote + nova-shell.nixosModules.default + servicepoint-cli.nixosModules.default + servicepoint-simulator.nixosModules.default + servicepoint-tanks.nixosModules.default + stylix.nixosModules.stylix + zerforschen-plus.nixosModules.default + # keep-sorted end + + # Base config + { + nixpkgs.hostPlatform = lib.mkDefault system; + networking.hostName = device; + system = { + stateVersion = "22.11"; + autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git"; + }; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + documentation = { + info.enable = false; + doc.enable = false; + }; + + my = { + # keep-sorted start + autoupdate.enable = true; + distributedBuilds.enable = true; + extraCaches.enable = true; + git.enable = true; + globalinstalls.enable = true; + lixIsNix.enable = true; + openssh.enable = true; + overlays.unstable.enable = true; + overlays.vscodeExtensions.enable = true; + # prometheusNode.enable = true; + systemdBoot.enable = true; + tailscale.enable = true; + # keep-sorted end + }; + } + ] + ++ lib.optionals (home-manager-users != { }) [ + # Desktop config + { + home-manager = { + extraSpecialArgs = specialArgs; + useGlobalPkgs = true; 
+ useUserPackages = true; + users = home-manager-users; + sharedModules = [ + { home.stateVersion = "22.11"; } + # keep-sorted start + self.homeModules.gnome-extensions + self.homeModules.nano + self.homeModules.templates + self.homeModules.zsh-basics + # keep-sorted end + ]; + }; + + time.timeZone = "Europe/Berlin"; + + # on desktops, keep the device useable interactively during expensive builds + nix = { + daemonCPUSchedPolicy = "idle"; + daemonIOSchedClass = "idle"; + }; + + my = { + # keep-sorted start + enDe.enable = true; + firmwareUpdates.enable = true; + gnome.enable = true; + kdeconnect.enable = true; + modernDesktop.enable = true; + nixLd.enable = true; + quietBoot.enable = true; + stylix.enable = true; + # keep-sorted end + }; + } + ]; + } +) diff --git a/nixosConfigurations/aur0ra/hardware.nix b/nixosConfigurations/aur0ra/hardware.nix index 8014f41..8642f79 100644 --- a/nixosConfigurations/aur0ra/hardware.nix +++ b/nixosConfigurations/aur0ra/hardware.nix @@ -10,11 +10,9 @@ # No one got time for xz compression. #isoImage.squashfsCompression = "zstd"; - boot.loader = { - raspberry-pi.bootloader = "kernel"; - systemd-boot.enable = lib.mkForce false; - #generic-extlinux-compatible.enable = lib.mkForce false; - }; + boot.loader.raspberry-pi.bootloader = "kernel"; + + my.systemdBoot.enable = lib.mkForce false; /* fileSystems = { diff --git a/nixosConfigurations/damocles/claude-container.nix b/nixosConfigurations/damocles/claude-container.nix index 17d599f..c568243 100644 --- a/nixosConfigurations/damocles/claude-container.nix +++ b/nixosConfigurations/damocles/claude-container.nix @@ -1,12 +1,11 @@ { pkgs, - self, lib, ... }: { - nixpkgs.overlays = [ self.overlays.unstable-packages ]; + my.overlays.unstable.enable = true; allowedUnfreePackages = [ "claude-code" ]; environment.systemPackages = with pkgs; [ diff --git a/nixosConfigurations/epimetheus/default.nix b/nixosConfigurations/epimetheus/default.nix index 02c6ae8..19b6219 100644 
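Review bot: The base-config block sets `autoUpgrade.flake` to an unpinned `git+https://…` URL while the same block turns on `my.autoupdate.enable` for every device, so each host fetches whatever the forge's default branch points at and switches to it as root on the daily schedule that autoupdate.nix configures; nothing here pins a ref or verifies commit signatures. That trust relationship deserves a comment next to the option, e.g. `# every device pulls the remote HEAD daily and switches as root — push access to this repo is root on the whole fleet`. Adding `?ref=main` at least makes the followed branch explicit rather than implicit in the forge's HEAD, although it adds no authentication beyond TLS. I can't tell from the hunk how the forge is reached (tailnet or public), which matters for how much weight the certificate alone carries.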
--- a/nixosConfigurations/epimetheus/default.nix +++ b/nixosConfigurations/epimetheus/default.nix @@ -1,8 +1,13 @@ -{ self, ... }: +{ modulesPath, ... }: { - imports = [ self.nixosModules.pxvirt-guest ]; + imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; config = { + my.pxvirtGuest.enable = true; + proxmoxLXC = { + manageNetwork = false; + privileged = false; + }; }; } diff --git a/nixosConfigurations/forgejo-runner-1/default.nix b/nixosConfigurations/forgejo-runner-1/default.nix index 4196430..41c7717 100644 --- a/nixosConfigurations/forgejo-runner-1/default.nix +++ b/nixosConfigurations/forgejo-runner-1/default.nix @@ -1,12 +1,13 @@ -{ self, ... }: +{ ... }: { imports = [ ./hardware.nix ./forgejo-runner.nix - self.nixosModules.podman ]; config = { + my.podman.enable = true; + # uncomment for build check on non arm system (requires --impure) # nixpkgs.buildPlatform = builtins.currentSystem; services.tailscale.useRoutingFeatures = "both"; diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix index 434b046..78c9d55 100644 --- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix @@ -2,17 +2,17 @@ { imports = [ ./hardware.nix - self.nixosModules.user-muede - self.nixosModules.gnome - self.nixosModules.wine-gaming - self.nixosModules.steam - self.nixosModules.podman - self.nixosModules.muede-desktop-settings - self.nixosModules.intel-graphics - self.nixosModules.secure-boot ]; config = { + my.users.muede.enable = true; + my.wineGaming.enable = true; + my.steam.enable = true; + my.podman.enable = true; + my.muedeDesktopSettings.enable = true; + my.intelGraphics.enable = true; + my.secureBoot.enable = true; + nix.settings.extra-platforms = [ "aarch64-linux" "i686-linux" diff --git a/nixosConfigurations/muede-pc2/default.nix b/nixosConfigurations/muede-pc2/default.nix index dd97b00..5a90eea 100644 --- a/nixosConfigurations/muede-pc2/default.nix 
+++ b/nixosConfigurations/muede-pc2/default.nix @@ -1,21 +1,20 @@ -{ pkgs, self, ... }: +{ pkgs, ... }: { imports = [ ./hardware.nix # ./vscode-server.nix # ./hass.nix - - self.nixosModules.user-muede - self.nixosModules.gnome - self.nixosModules.wine-gaming - self.nixosModules.steam - self.nixosModules.podman - self.nixosModules.muede-desktop-settings - self.nixosModules.amd-graphics - self.nixosModules.secure-boot ]; config = { + my.users.muede.enable = true; + my.wineGaming.enable = true; + my.steam.enable = true; + my.podman.enable = true; + my.muedeDesktopSettings.enable = true; + my.amdGraphics.enable = true; + my.secureBoot.enable = true; + nix.settings.extra-platforms = [ "aarch64-linux" "i686-linux" diff --git a/nixosConfigurations/ronja-pc/default.nix b/nixosConfigurations/ronja-pc/default.nix index 8e1eb52..85227ff 100644 --- a/nixosConfigurations/ronja-pc/default.nix +++ b/nixosConfigurations/ronja-pc/default.nix @@ -1,20 +1,15 @@ -{ - config, - pkgs, - self, - ... -}: +{ pkgs, ... }: { imports = [ ./hardware.nix - self.nixosModules.user-ronja - self.nixosModules.gnome - self.nixosModules.steam - self.nixosModules.wine-gaming - self.nixosModules.muede-desktop-settings ]; config = { + my.users.ronja.enable = true; + my.steam.enable = true; + my.wineGaming.enable = true; + my.muedeDesktopSettings.enable = true; + # Configure keymap in X11 services.xserver.xkb = { layout = "de"; @@ -24,8 +19,6 @@ # Configure console keymap console.keyMap = "de"; - # List packages installed in system profile. To search, run: - # $ nix search wget environment.systemPackages = with pkgs; [ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. # wget diff --git a/nixosModules/amd-graphics.nix b/nixosModules/amd-graphics.nix index 9bc386c..1baeb24 100644 --- a/nixosModules/amd-graphics.nix +++ b/nixosModules/amd-graphics.nix 
@@ -1,15 +1,24 @@ -{ pkgs, ... }: { - boot.kernelModules = [ "amdgpu" ]; - services.xserver.videoDrivers = [ "amdgpu" ]; + lib, + config, + pkgs, + ... +}: +{ + options.my.amdGraphics.enable = lib.mkEnableOption "AMD graphics drivers"; - hardware = { - graphics.enable = true; - amdgpu = { - opencl.enable = true; - overdrive.enable = true; + config = lib.mkIf config.my.amdGraphics.enable { + boot.kernelModules = [ "amdgpu" ]; + services.xserver.videoDrivers = [ "amdgpu" ]; + + hardware = { + graphics.enable = true; + amdgpu = { + opencl.enable = true; + overdrive.enable = true; + }; }; - }; - environment.systemPackages = with pkgs; [ nvtopPackages.amd ]; + environment.systemPackages = with pkgs; [ nvtopPackages.amd ]; + }; } diff --git a/nixosModules/autoupdate.nix b/nixosModules/autoupdate.nix index 0f26b7e..028cfd7 100644 --- a/nixosModules/autoupdate.nix +++ b/nixosModules/autoupdate.nix @@ -1,16 +1,21 @@ +{ lib, config, ... }: { - nix = { - optimise.automatic = true; - gc = { - automatic = true; + options.my.autoupdate.enable = lib.mkEnableOption "automatic Nix GC and system upgrades"; + + config = lib.mkIf config.my.autoupdate.enable { + nix = { + optimise.automatic = true; + gc = { + automatic = true; + dates = "daily"; + options = "--delete-older-than 7d"; + }; + }; + + system.autoUpgrade = { + enable = true; dates = "daily"; - options = "--delete-older-than 7d"; + # do not forget to set `flake` when using this module! }; }; - - system.autoUpgrade = { - enable = true; - dates = "daily"; - # do not forget to set `flake` when using this module! - }; } diff --git a/nixosModules/default.nix b/nixosModules/default.nix new file mode 100644 index 0000000..2808b2a --- /dev/null +++ b/nixosModules/default.nix 
@@ -0,0 +1,39 @@ +{ ... }: +{ + imports = [ + # keep-sorted start + ./allowed-unfree-list.nix + ./amd-graphics.nix + ./autoupdate.nix + ./distributed-builds.nix + ./en-de.nix + ./extra-caches.nix + ./firmware-updates.nix + ./git.nix + ./globalinstalls.nix + ./gnome.nix + ./intel-graphics.nix + ./kdeconnect.nix + ./latex.nix + ./lix-is-nix.nix + ./modern-desktop.nix + ./muede-desktop-settings.nix + ./nix-ld.nix + ./nixpkgs-overlays.nix + ./openssh.nix + ./podman.nix + ./printing.nix + ./prometheus-node.nix + ./pxvirt-guest.nix + ./quiet-boot.nix + ./secure-boot.nix + ./steam.nix + ./stylix.nix + ./systemd-boot.nix + ./tailscale.nix + ./user-muede.nix + ./user-ronja.nix + ./wine-gaming.nix + # keep-sorted end + ]; +} diff --git a/nixosModules/distributed-builds.nix b/nixosModules/distributed-builds.nix index f0c45da..94ec25c 100644 --- a/nixosModules/distributed-builds.nix +++ b/nixosModules/distributed-builds.nix 
@@ -32,62 +32,77 @@ let # distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA..."; # from: ssh-keyscan -t ed25519 # All machines automatically discover and use it after the next rebuild. - buildServerDevices = lib.filterAttrs (_: v: (v.distributedBuilds or { }).isBuilder or false) devices; + buildServerDevices = lib.filterAttrs ( + _: v: (v.distributedBuilds or { }).isBuilder or false + ) devices; knownHosts = lib.pipe buildServerDevices [ (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey)) - (lib.mapAttrs (hostName: v: { - publicKey = v.distributedBuilds.hostPublicKey; - })) + (lib.mapAttrs ( + _: v: { + publicKey = v.distributedBuilds.hostPublicKey; + } + )) ]; - buildMachineList = lib.mapAttrsToList (hostName: v: { - inherit hostName; - systems = [ v.system ]; - sshUser = buildUser; - sshKey = sshKeyPath; - protocol = "ssh-ng"; - } // lib.optionalAttrs (v.distributedBuilds ? speedFactor) { - speedFactor = v.distributedBuilds.speedFactor; - } // { - supportedFeatures = [ - "nixos-test" - "big-parallel" - "kvm" - "benchmark" - ]; - }) buildServerDevices; + buildMachineList = lib.mapAttrsToList ( + hostName: v: + { + inherit hostName; + systems = [ v.system ]; + sshUser = buildUser; + sshKey = sshKeyPath; + protocol = "ssh-ng"; + } + // lib.optionalAttrs (v.distributedBuilds ? 
speedFactor) { + speedFactor = v.distributedBuilds.speedFactor; + } + // { + supportedFeatures = [ + "nixos-test" + "big-parallel" + "kvm" + "benchmark" + ]; + } + ) buildServerDevices; remoteMachines = builtins.filter (m: m.hostName != config.networking.hostName) buildMachineList; in { - # Dedicated user for receiving distributed build connections - programs.ssh.knownHosts = knownHosts; + options.my.distributedBuilds.enable = lib.mkEnableOption "distributed Nix builds"; - users.users.${buildUser} = { - isSystemUser = true; - group = buildUser; - useDefaultShell = true; - openssh.authorizedKeys.keys = map (k: ''command="nix daemon --stdio",restrict ${k}'') authorizedPublicKeys; - }; - users.groups.${buildUser} = { }; + config = lib.mkIf config.my.distributedBuilds.enable { + programs.ssh.knownHosts = knownHosts; - nix = { - distributedBuilds = remoteMachines != [ ]; - buildMachines = remoteMachines; - settings = { - trusted-users = [ buildUser ]; - builders-use-substitutes = true; - max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto"; - cores = 0; - min-free = 10 * 1024 * 1024; - max-free = 200 * 1024 * 1024; + # Dedicated user for receiving distributed build connections + users.users.${buildUser} = { + isSystemUser = true; + group = buildUser; + useDefaultShell = true; + openssh.authorizedKeys.keys = map ( + k: ''command="nix daemon --stdio",restrict ${k}'' + ) authorizedPublicKeys; + }; + users.groups.${buildUser} = { }; + + nix = { + distributedBuilds = remoteMachines != [ ]; + buildMachines = remoteMachines; + settings = { + trusted-users = [ buildUser ]; + builders-use-substitutes = true; + max-jobs = (devices.${config.networking.hostName}.distributedBuilds or { }).maxJobs or "auto"; + cores = 0; + min-free = 10 * 1024 * 1024; + max-free = 200 * 1024 * 1024; + }; + }; + + systemd.services.nix-daemon.serviceConfig = { + MemoryAccounting = true; + MemoryMax = "90%"; + OOMScoreAdjust = 500; }; }; - - 
systemd.services.nix-daemon.serviceConfig = { - MemoryAccounting = true; - MemoryMax = "90%"; - OOMScoreAdjust = 500; - }; } diff --git a/nixosModules/en-de.nix b/nixosModules/en-de.nix index a91780e..4a35b28 100644 --- a/nixosModules/en-de.nix +++ b/nixosModules/en-de.nix @@ -1,31 +1,40 @@ -{ pkgs, ... }: { - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocales = [ - "de_DE.UTF-8/UTF-8" - ]; - extraLocaleSettings = { - LC_ADDRESS = "de_DE.UTF-8"; - LC_IDENTIFICATION = "de_DE.UTF-8"; - LC_MEASUREMENT = "de_DE.UTF-8"; - LC_MONETARY = "de_DE.UTF-8"; - LC_NAME = "de_DE.UTF-8"; - LC_NUMERIC = "de_DE.UTF-8"; - LC_PAPER = "de_DE.UTF-8"; - LC_TELEPHONE = "de_DE.UTF-8"; - LC_TIME = "de_DE.UTF-8"; + lib, + config, + pkgs, + ... +}: +{ + options.my.enDe.enable = lib.mkEnableOption "English/German locale and language packs"; + + config = lib.mkIf config.my.enDe.enable { + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocales = [ + "de_DE.UTF-8/UTF-8" + ]; + extraLocaleSettings = { + LC_ADDRESS = "de_DE.UTF-8"; + LC_IDENTIFICATION = "de_DE.UTF-8"; + LC_MEASUREMENT = "de_DE.UTF-8"; + LC_MONETARY = "de_DE.UTF-8"; + LC_NAME = "de_DE.UTF-8"; + LC_NUMERIC = "de_DE.UTF-8"; + LC_PAPER = "de_DE.UTF-8"; + LC_TELEPHONE = "de_DE.UTF-8"; + LC_TIME = "de_DE.UTF-8"; + }; }; + + programs.firefox.languagePacks = [ + "en-US" + "de" + ]; + + environment.systemPackages = [ + pkgs.hunspell + pkgs.hunspellDicts.de-de + pkgs.hunspellDicts.en-us + ]; }; - - programs.firefox.languagePacks = [ - "en-US" - "de" - ]; - - environment.systemPackages = [ - pkgs.hunspell - pkgs.hunspellDicts.de-de - pkgs.hunspellDicts.en-us - ]; } diff --git a/nixosModules/extra-caches.nix b/nixosModules/extra-caches.nix index 8b5431c..6a72755 100644 --- a/nixosModules/extra-caches.nix +++ b/nixosModules/extra-caches.nix 
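Review bot: `trusted-users = [ buildUser ]` gives every holder of a key listed in `authorizedPublicKeys` a trusted connection to this daemon, which lets the client push unsigned store paths and override daemon settings; the forced `nix daemon --stdio` command and `restrict` constrain the shell, not the daemon's trust, so compromise of any device holding the key at `sshKeyPath` is compromise of every builder. That is the usual cost of `ssh-ng` remote builds, but the comment on the user should say so: `# trusted-users is needed for ssh-ng remote builds; it makes every key in authorizedPublicKeys root-equivalent on this builder`. Separately, `min-free`/`max-free` are byte counts, so `10 * 1024 * 1024` is 10 MiB — if GiB thresholds were intended another `* 1024` is missing. The `let` block defining `buildUser`, `sshKeyPath` and `authorizedPublicKeys` starts above the hunk.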
@@ -1,22 +1,27 @@ +{ lib, config, ... }: { - nix.settings = { - substituters = [ - # keep-sorted start - "https://cache.lix.systems" - "https://cache.nixos.org/" - "https://niri.cachix.org" - "https://nix-community.cachix.org" - "https://nixos-raspberrypi.cachix.org" - # keep-sorted end - ]; - trusted-public-keys = [ - # keep-sorted start - "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" - # keep-sorted end - ]; + options.my.extraCaches.enable = lib.mkEnableOption "extra Nix binary caches"; + + config = lib.mkIf config.my.extraCaches.enable { + nix.settings = { + substituters = [ + # keep-sorted start + "https://cache.lix.systems" + "https://cache.nixos.org/" + "https://niri.cachix.org" + "https://nix-community.cachix.org" + "https://nixos-raspberrypi.cachix.org" + # keep-sorted end + ]; + trusted-public-keys = [ + # keep-sorted start + "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" + # keep-sorted end + ]; + }; }; } diff --git a/nixosModules/firmware-updates.nix b/nixosModules/firmware-updates.nix index 8e81b72..61b2ff8 100644 --- a/nixosModules/firmware-updates.nix +++ b/nixosModules/firmware-updates.nix 
@@ -1,11 +1,16 @@ +{ lib, config, ... }: { - hardware = { - enableRedistributableFirmware = true; - cpu = { - amd.updateMicrocode = true; - intel.updateMicrocode = true; - }; - }; + options.my.firmwareUpdates.enable = lib.mkEnableOption "firmware updates and microcode"; - services.fwupd.enable = true; + config = lib.mkIf config.my.firmwareUpdates.enable { + hardware = { + enableRedistributableFirmware = true; + cpu = { + amd.updateMicrocode = true; + intel.updateMicrocode = true; + }; + }; + + services.fwupd.enable = true; + }; } diff --git a/nixosModules/git.nix b/nixosModules/git.nix new file mode 100644 index 0000000..ffe5c78 --- /dev/null +++ b/nixosModules/git.nix @@ -0,0 +1,24 @@ +{ + lib, + config, + pkgs, + ... +}: +{ + options.my.git.enable = lib.mkEnableOption "git with credential helper"; + + config = lib.mkIf config.my.git.enable { + environment.systemPackages = [ pkgs.git-credential-oauth ]; + + programs.git = { + enable = true; + config = { + init.defaultBranch = "main"; + credential = { + helper = "oauth"; + credentialStore = "cache"; + }; + }; + }; + }; +} diff --git a/nixosModules/global-settings-desktop.nix b/nixosModules/global-settings-desktop.nix deleted file mode 100644 index a94ab80..0000000 --- a/nixosModules/global-settings-desktop.nix +++ /dev/null 
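Review bot: `credentialStore = "cache"` does not appear to be a key git-credential-oauth reads — `credential.credentialStore` belongs to Git Credential Manager — so as far as I can tell the tokens it obtains are never stored and every authenticated operation re-runs the browser flow. git-credential-oauth's documented setup chains a storage helper in front of it, which the NixOS git INI generator should accept as a list: `credential.helper = [ "cache --timeout 7200" "oauth" ];` with the `credentialStore` line dropped. Worth confirming against the git-credential-oauth version in nixpkgs before merging, since this lands in the system-wide `/etc/gitconfig`.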
@@ -1,61 +0,0 @@ -{ - home-manager-users, - self, - home-manager, - servicepoint-cli, - servicepoint-simulator, - servicepoint-tanks, - stylix, - specialArgs, - nova-shell, - ... -}: -{ - imports = [ - # keep-sorted start - home-manager.nixosModules.home-manager - nova-shell.nixosModules.default - self.nixosModules.en-de - self.nixosModules.firmware-updates - self.nixosModules.gnome - self.nixosModules.kdeconnect - self.nixosModules.modern-desktop - self.nixosModules.niri - self.nixosModules.nix-ld - self.nixosModules.pkgs-vscode-extensions - self.nixosModules.quiet-boot - self.nixosModules.stylix - servicepoint-cli.nixosModules.default - servicepoint-simulator.nixosModules.default - servicepoint-tanks.nixosModules.default - stylix.nixosModules.stylix - # keep-sorted end - ]; - - config = { - home-manager = { - extraSpecialArgs = specialArgs; - useGlobalPkgs = true; - useUserPackages = true; - users = home-manager-users; - sharedModules = [ - { home.stateVersion = "22.11"; } - # keep-sorted start - self.homeModules.git - self.homeModules.gnome-extensions - self.homeModules.nano - self.homeModules.templates - self.homeModules.zsh-basics - # keep-sorted end - ]; - }; - - time.timeZone = "Europe/Berlin"; - - # on desktops, keep the device useable interactively during expensive builds - nix = { - daemonCPUSchedPolicy = "idle"; - daemonIOSchedClass = "idle"; - }; - }; -} diff --git a/nixosModules/global-settings.nix b/nixosModules/global-settings.nix deleted file mode 100644 index 2d1c5b3..0000000 --- a/nixosModules/global-settings.nix +++ /dev/null 
@@ -1,44 +0,0 @@ -{ - device, - self, - lanzaboote, - zerforschen-plus, - ... -}: -{ - imports = [ - # keep-sorted start - lanzaboote.nixosModules.lanzaboote - self.nixosModules.allowed-unfree-list - self.nixosModules.autoupdate - self.nixosModules.default - self.nixosModules.distributed-builds - self.nixosModules.extra-caches - self.nixosModules.globalinstalls - self.nixosModules.lix-is-nix - self.nixosModules.openssh - self.nixosModules.prometheus-node - self.nixosModules.systemd-boot - self.nixosModules.tailscale - zerforschen-plus.nixosModules.default - # keep-sorted end - ]; - - config = { - networking.hostName = device; - system = { - stateVersion = "22.11"; - autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git"; - }; - - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - documentation = { - info.enable = false; # info pages and the info command - doc.enable = false; # documentation distributed in packages' /share/doc - }; - }; -} diff --git a/nixosModules/globalinstalls.nix b/nixosModules/globalinstalls.nix index 146d401..6c914c7 100644 --- a/nixosModules/globalinstalls.nix +++ b/nixosModules/globalinstalls.nix 
@@ -1,30 +1,31 @@ -{ pkgs, ... }: { - environment.systemPackages = with pkgs; [ - ncdu - glances - lsof - dig - screen - tldr - nix-output-monitor - git-credential-oauth - ]; + lib, + config, + pkgs, + ... +}: +{ + options.my.globalinstalls.enable = lib.mkEnableOption "global system packages and tools"; - programs = { - zsh.enable = true; - htop.enable = true; - iotop.enable = true; - git.enable = true; - nano = { - enable = true; - syntaxHighlight = true; + config = lib.mkIf config.my.globalinstalls.enable { + environment.systemPackages = with pkgs; [ + ncdu + glances + lsof + dig + screen + tldr + nix-output-monitor + ]; + + programs = { + zsh.enable = true; + htop.enable = true; + iotop.enable = true; + nano = { + enable = true; + syntaxHighlight = true; + }; }; }; - - environment.etc."gitconfig".text = '' - [credential] - helper = oauth - credentialStore = cache - ''; } diff --git a/nixosModules/gnome.nix b/nixosModules/gnome.nix index 260fbbd..b0bf406 100644 --- a/nixosModules/gnome.nix +++ b/nixosModules/gnome.nix 
@@ -1,62 +1,65 @@ { - pkgs, lib, config, + pkgs, ... }: { - options.muede = { - keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps"; + options = { + my.gnome.enable = lib.mkEnableOption "GNOME desktop environment"; + muede.keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps"; }; - config = lib.mkMerge [ - { - services = { - xserver.excludePackages = [ pkgs.xterm ]; + config = lib.mkIf config.my.gnome.enable ( + lib.mkMerge [ + { + services = { + xserver.excludePackages = [ pkgs.xterm ]; - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager.gnome = { - enable = true; - extraGSettingsOverridePackages = [ pkgs.mutter ]; - extraGSettingsOverrides = '' - [org.gnome.mutter] - experimental-features=['scale-monitor-framebuffer'] - ''; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager.gnome = { + enable = true; + extraGSettingsOverridePackages = [ pkgs.mutter ]; + extraGSettingsOverrides = '' + [org.gnome.mutter] + experimental-features=['scale-monitor-framebuffer'] + ''; + }; + + gnome = { + tinysparql.enable = false; + localsearch.enable = false; + sushi.enable = true; + }; }; - gnome = { - tinysparql.enable = false; - localsearch.enable = false; - sushi.enable = true; + programs = { + dconf.enable = true; + gpaste.enable = true; }; - }; - - programs = { - dconf.enable = true; - gpaste.enable = true; - }; - } - (lib.mkIf (!config.muede.keep-gnome-default-apps) { - environment.gnome.excludePackages = with pkgs; [ - cheese # photo booth - epiphany # web browser - evince # document viewer - geary # email client - gnome-maps - gnome-weather - gnome-tour - sysprof - orca # screen reader - gnome-weather - gnome-backgrounds - gnome-user-docs - yelp # help app - gnome-music - totem # video player - snapshot # camera - baobab # disk usage - ]; - }) - ]; + } + (lib.mkIf (!config.muede.keep-gnome-default-apps) { + environment.gnome.excludePackages = with pkgs; [ 
+ cheese # photo booth + epiphany # web browser + evince # document viewer + geary # email client + gnome-maps + gnome-weather + gnome-tour + sysprof + orca # screen reader + gnome-weather + gnome-backgrounds + gnome-user-docs + yelp # help app + gnome-music + totem # video player + snapshot # camera + baobab # disk usage + ]; + }) + ] + ); } diff --git a/nixosModules/intel-graphics.nix b/nixosModules/intel-graphics.nix index 74c6e67..b367489 100644 --- a/nixosModules/intel-graphics.nix +++ b/nixosModules/intel-graphics.nix @@ -1,6 +1,13 @@ -{ pkgs, ... }: { - config = { + lib, + config, + pkgs, + ... +}: +{ + options.my.intelGraphics.enable = lib.mkEnableOption "Intel graphics drivers"; + + config = lib.mkIf config.my.intelGraphics.enable { hardware.graphics = { extraPackages = with pkgs; [ intel-media-driver diff --git a/nixosModules/kdeconnect.nix b/nixosModules/kdeconnect.nix index 1a3c2f1..bc809c9 100644 --- a/nixosModules/kdeconnect.nix +++ b/nixosModules/kdeconnect.nix 
@@ -5,49 +5,53 @@ ... }: { - config = lib.mkMerge [ - { - networking.firewall = - let - kdeconnect-range = { - from = 1714; - to = 1764; - }; - in - { - allowedTCPPortRanges = [ kdeconnect-range ]; - allowedUDPPortRanges = [ kdeconnect-range ]; - }; + options.my.kdeconnect.enable = lib.mkEnableOption "KDE Connect / GSConnect"; - programs.kdeconnect.enable = true; - home-manager.sharedModules = [ - { - services.kdeconnect = { - enable = true; - # this still shows up in gnome session starting with 25.05 - # indicator = true; - }; - } - ]; - } - - (lib.mkIf config.services.desktopManager.gnome.enable { - # replace kdeconnect with gsconnect - programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect; - - home-manager.sharedModules = [ - ( - { pkgs, ... }: + config = lib.mkIf config.my.kdeconnect.enable ( + lib.mkMerge [ + { + networking.firewall = + let + kdeconnect-range = { + from = 1714; + to = 1764; + }; + in { - home.packages = [ pkgs.gnomeExtensions.gsconnect ]; - # enable gsconnect extension - dconf.settings = { - "org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ]; - "org/gnome/shell/extensions/gsconnect".enabled = true; + allowedTCPPortRanges = [ kdeconnect-range ]; + allowedUDPPortRanges = [ kdeconnect-range ]; + }; + + programs.kdeconnect.enable = true; + home-manager.sharedModules = [ + { + services.kdeconnect = { + enable = true; + # this still shows up in gnome session starting with 25.05 + # indicator = true; }; } - ) - ]; - }) - ]; + ]; + } + + (lib.mkIf config.services.desktopManager.gnome.enable { + # replace kdeconnect with gsconnect + programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect; + + home-manager.sharedModules = [ + ( + { pkgs, ... 
}: + { + home.packages = [ pkgs.gnomeExtensions.gsconnect ]; + # enable gsconnect extension + dconf.settings = { + "org/gnome/shell".enabled-extensions = [ "gsconnect@andyholmes.github.io" ]; + "org/gnome/shell/extensions/gsconnect".enabled = true; + }; + } + ) + ]; + }) + ] + ); } diff --git a/nixosModules/latex.nix b/nixosModules/latex.nix index 3d097f8..ce5483d 100644 --- a/nixosModules/latex.nix +++ b/nixosModules/latex.nix @@ -1,6 +1,13 @@ -{ pkgs, ... }: { - config = { + lib, + config, + pkgs, + ... +}: +{ + options.my.latex.enable = lib.mkEnableOption "LaTeX (texliveFull + TeXstudio)"; + + config = lib.mkIf config.my.latex.enable { environment.systemPackages = with pkgs; [ fontconfig texliveFull diff --git a/nixosModules/lix-is-nix.nix b/nixosModules/lix-is-nix.nix index 3480d06..2bb071e 100644 --- a/nixosModules/lix-is-nix.nix +++ b/nixosModules/lix-is-nix.nix @@ -1,15 +1,24 @@ -{ pkgs, ... }: { - nixpkgs.overlays = [ - (final: prev: { - inherit (prev.lixPackageSets.stable) - nixpkgs-review - nix-eval-jobs - nix-fast-build - colmena - ; - }) - ]; + lib, + config, + pkgs, + ... +}: +{ + options.my.lixIsNix.enable = lib.mkEnableOption "Lix as the Nix implementation"; - nix.package = pkgs.lixPackageSets.latest.lix; + config = lib.mkIf config.my.lixIsNix.enable { + nixpkgs.overlays = [ + (_: prev: { + inherit (prev.lixPackageSets.stable) + nixpkgs-review + nix-eval-jobs + nix-fast-build + colmena + ; + }) + ]; + + nix.package = pkgs.lixPackageSets.latest.lix; + }; } diff --git a/nixosModules/modern-desktop.nix b/nixosModules/modern-desktop.nix index 6f3ccac..7a10531 100644 --- a/nixosModules/modern-desktop.nix +++ b/nixosModules/modern-desktop.nix 
@@ -1,47 +1,52 @@ +{ lib, config, ... }: { - services = { - xserver.enable = true; - libinput.enable = true; - flatpak.enable = true; - fstrim.enable = true; - earlyoom = { - enable = true; - freeMemThreshold = 5; + options.my.modernDesktop.enable = lib.mkEnableOption "modern desktop base (pipewire, flatpak, earlyoom)"; + + config = lib.mkIf config.my.modernDesktop.enable { + services = { + xserver.enable = true; + libinput.enable = true; + flatpak.enable = true; + fstrim.enable = true; + earlyoom = { + enable = true; + freeMemThreshold = 5; + }; }; - }; - # Enable sound with pipewire. - security.rtkit.enable = true; - services = { - pulseaudio.enable = false; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - #jack.enable = true; + # Enable sound with pipewire. + security.rtkit.enable = true; + services = { + pulseaudio.enable = false; + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + #jack.enable = true; + }; }; - }; - systemd = { - # save some boot time because nothing actually requires network connectivity - services.NetworkManager-wait-online.enable = false; + systemd = { + # save some boot time because nothing actually requires network connectivity + services.NetworkManager-wait-online.enable = false; - # prevent stuck units from preventing shutdown (default is 120s) - settings.Manager.DefaultTimeoutStopSec = "10s"; - }; - - programs = { - xwayland.enable = true; - - appimage = { - enable = true; - binfmt = true; + # prevent stuck units from preventing shutdown (default is 120s) + settings.Manager.DefaultTimeoutStopSec = "10s"; }; - }; - system.autoUpgrade = { - allowReboot = false; - operation = "boot"; + programs = { + xwayland.enable = true; + + appimage = { + enable = true; + binfmt = true; + }; + }; + + system.autoUpgrade = { + allowReboot = false; + operation = "boot"; + }; }; } 
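Review bot: The description on the `options.my.modernDesktop.enable` line names pipewire, flatpak and earlyoom, but the gated block also registers AppImage binfmt handlers (`appimage.binfmt = true`), disables `NetworkManager-wait-online`, and pre-configures `system.autoUpgrade` with `operation = "boot"` (its `enable` is not set here, so a host presumably turns it on); binfmt registration and unattended upgrades are system-wide behaviours someone enabling a "desktop base" option would not expect. Either list them, e.g. `lib.mkEnableOption "modern desktop base (pipewire, flatpak, earlyoom, AppImage binfmt, autoUpgrade defaults)"`, or split `system.autoUpgrade` and `appimage` behind their own options.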
diff --git a/nixosModules/muede-desktop-settings.nix b/nixosModules/muede-desktop-settings.nix index 27e790b..8f25f62 100644 --- a/nixosModules/muede-desktop-settings.nix +++ b/nixosModules/muede-desktop-settings.nix @@ -1,21 +1,36 @@ -{ pkgs, ... }: { - programs.firefox.enable = true; + lib, + config, + pkgs, + niri, + ... +}: +{ + imports = [ niri.nixosModules.niri ]; - environment.systemPackages = with pkgs; [ - lm_sensors - libreoffice-qt6 - usbutils - ]; + options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)"; - fonts.enableDefaultPackages = true; + config = lib.mkIf config.my.muedeDesktopSettings.enable { + my.overlays.niri.enable = true; + programs.niri.enable = true; - hardware.logitech.wireless = { - enable = true; - enableGraphical = true; + programs.firefox.enable = true; + + environment.systemPackages = with pkgs; [ + lm_sensors + libreoffice-qt6 + usbutils + ]; + + fonts.enableDefaultPackages = true; + + hardware.logitech.wireless = { + enable = true; + enableGraphical = true; + }; + + # RDP connections + services.gnome.gnome-remote-desktop.enable = true; + networking.firewall.allowedTCPPorts = [ 3389 ]; }; - - # RDP connections - services.gnome.gnome-remote-desktop.enable = true; - networking.firewall.allowedTCPPorts = [ 3389 ]; } diff --git a/nixosModules/nix-ld.nix b/nixosModules/nix-ld.nix index 0d09078..ac7ae7b 100644 --- a/nixosModules/nix-ld.nix +++ b/nixosModules/nix-ld.nix 
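Review bot: `imports = [ niri.nixosModules.niri ]` and the new `niri` module argument are evaluated regardless of `my.muedeDesktopSettings.enable` (NixOS `imports` cannot sit under `mkIf`), so every host importing this module must have `niri` in its module arguments even with the option off; the hunk does not show where that argument comes from (presumably `specialArgs` from the flake), and a host without it fails evaluation on the signature line. A comment there would spare the next reader the search: `# niri: flake input, expected via specialArgs; the import below is unconditional`. Separately, `services.gnome.gnome-remote-desktop.enable = true` plus `networking.firewall.allowedTCPPorts = [ 3389 ]` are now coupled to Firefox and LibreOffice under one switch, so RDP is exposed on every interface whenever the desktop settings are on; a dedicated `my.rdp.enable`-style option would let that listener be reasoned about on its own.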
@@ -1,23 +1,32 @@ -{ pkgs, ... }: { - programs.nix-ld = { - enable = true; - libraries = with pkgs; [ - stdenv.cc.cc - zlib - zstd - curl - openssl - attr - libssh - bzip2 - libxml2 - acl - libsodium - util-linux - xz - systemd - icu - ]; + lib, + config, + pkgs, + ... +}: +{ + options.my.nixLd.enable = lib.mkEnableOption "nix-ld for running unpatched dynamic binaries"; + + config = lib.mkIf config.my.nixLd.enable { + programs.nix-ld = { + enable = true; + libraries = with pkgs; [ + stdenv.cc.cc + zlib + zstd + curl + openssl + attr + libssh + bzip2 + libxml2 + acl + libsodium + util-linux + xz + systemd + icu + ]; + }; }; } diff --git a/nixosModules/nixpkgs-overlays.nix b/nixosModules/nixpkgs-overlays.nix new file mode 100644 index 0000000..7a657b1 --- /dev/null +++ b/nixosModules/nixpkgs-overlays.nix @@ -0,0 +1,33 @@ +{ + lib, + config, + self, + ... +}: +{ + options.my.overlays = { + enableAll = lib.mkEnableOption "all nixpkgs overlays"; + } + // lib.mapAttrs (_: _: { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }) self.overlays; + + config = lib.mkMerge ( + [ + { + my.overlays = lib.mapAttrs (_: _: { + enable = lib.mkDefault config.my.overlays.enableAll; + }) self.overlays; + } + ] + ++ lib.mapAttrsToList ( + name: overlay: + lib.mkIf config.my.overlays.${name}.enable { + nixpkgs.overlays = [ overlay ]; + } + ) self.overlays + ); +} diff --git a/nixosModules/openssh.nix b/nixosModules/openssh.nix index 7ff8b18..bed46f8 100644 --- a/nixosModules/openssh.nix +++ b/nixosModules/openssh.nix 
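Review bot: The per-overlay `enable` options produced by `lib.mapAttrs (_: _: { enable = lib.mkOption { ... }; })` carry no `description`, unlike `enableAll`, so they render undocumented in option listings; naming the overlay in the mapper fixes that in place: `lib.mapAttrs (name: _: { enable = lib.mkOption { type = lib.types.bool; default = false; description = "Whether to apply the ${name} nixpkgs overlay."; }; }) self.overlays`. Also worth a comment on the `lib.mapAttrsToList` call: attribute names iterate in sorted order, so the resulting `nixpkgs.overlays` order is alphabetical rather than declaration order — harmless while the overlays are independent, but an overlay reading `prev.unstable` would need `unstable` to sort before it. The `{ enableAll = ...; } // lib.mapAttrs ...` merge also means an overlay named `enableAll` would silently replace the `enableAll` option, since the right-hand side of `//` wins.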
@@ -1,11 +1,16 @@ +{ lib, config, ... }: { - services.openssh = { - enable = true; - openFirewall = true; - settings = { - PermitRootLogin = "prohibit-password"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; + options.my.openssh.enable = lib.mkEnableOption "OpenSSH server"; + + config = lib.mkIf config.my.openssh.enable { + services.openssh = { + enable = true; + openFirewall = true; + settings = { + PermitRootLogin = "prohibit-password"; + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; }; }; } diff --git a/nixosModules/podman.nix b/nixosModules/podman.nix index 93540f8..b962242 100644 --- a/nixosModules/podman.nix +++ b/nixosModules/podman.nix @@ -1,11 +1,16 @@ +{ lib, config, ... }: { - virtualisation = { - containers.enable = true; - podman = { - enable = true; - dockerCompat = true; - dockerSocket.enable = true; - autoPrune.enable = true; + options.my.podman.enable = lib.mkEnableOption "Podman container runtime"; + + config = lib.mkIf config.my.podman.enable { + virtualisation = { + containers.enable = true; + podman = { + enable = true; + dockerCompat = true; + dockerSocket.enable = true; + autoPrune.enable = true; + }; }; }; } diff --git a/nixosModules/printing.nix b/nixosModules/printing.nix index c85edd7..48c41ae 100644 --- a/nixosModules/printing.nix +++ b/nixosModules/printing.nix 
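Review bot: `dockerSocket.enable = true` inside the new `mkIf` block creates the Docker-compatible API socket, which in NixOS is group-accessible to `podman`, and any account that can talk to that socket can obtain root on the host; the description "Podman container runtime" gives no hint of that, and the user-muede and user-ronja hunks add both accounts to the `podman` group. A comment beside the line keeps the trade-off visible: `# docker.sock is accessible to the "podman" group; membership is effectively root`.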
@@ -1,12 +1,17 @@ +{ lib, config, ... }: { - services = { - # Enable CUPS to print documents. - printing.enable = true; + options.my.printing.enable = lib.mkEnableOption "printing (CUPS + Avahi)"; - avahi = { - enable = true; # runs the Avahi daemon - nssmdns4 = true; # enables the mDNS NSS plug-in - openFirewall = true; # opens the firewall for UDP port 5353 + config = lib.mkIf config.my.printing.enable { + services = { + # Enable CUPS to print documents. + printing.enable = true; + + avahi = { + enable = true; # runs the Avahi daemon + nssmdns4 = true; # enables the mDNS NSS plug-in + openFirewall = true; # opens the firewall for UDP port 5353 + }; }; }; } diff --git a/nixosModules/prometheus-node.nix b/nixosModules/prometheus-node.nix index 576db81..f5e02fc 100644 --- a/nixosModules/prometheus-node.nix +++ b/nixosModules/prometheus-node.nix @@ -1,20 +1,25 @@ +{ lib, config, ... }: { - services.prometheus.exporters = { - node = { - enable = true; - openFirewall = true; - port = 9190; - enabledCollectors = [ - # keep-sorted start - "cgroups" - "interrupts" - "softirqs" - "swap" - "systemd" - "tcpstat" - "wifi" - # keep-sorted end - ]; + options.my.prometheusNode.enable = lib.mkEnableOption "Prometheus node exporter"; + + config = lib.mkIf config.my.prometheusNode.enable { + services.prometheus.exporters = { + node = { + enable = true; + openFirewall = true; + port = 9190; + enabledCollectors = [ + # keep-sorted start + "cgroups" + "interrupts" + "softirqs" + "swap" + "systemd" + "tcpstat" + "wifi" + # keep-sorted end + ]; + }; }; }; } diff --git a/nixosModules/pxvirt-guest.nix b/nixosModules/pxvirt-guest.nix index 067a0ec..a70266a 100644 --- a/nixosModules/pxvirt-guest.nix +++ b/nixosModules/pxvirt-guest.nix 
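Review bot: `openFirewall = true` together with `port = 9190` in the gated block opens the node exporter on every interface, and the exporter serves host metrics without any authentication; since the tailscale hunk suggests these hosts live on a tailnet, binding the listener with `listenAddress` or scoping the rule to that interface (for example `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 9190 ]`, interface name to be confirmed) instead of `openFirewall` keeps the metrics off untrusted networks. If exposing it everywhere is deliberate, a one-line comment saying so next to `openFirewall = true` would stop the next reviewer raising it again.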
@@ -1,16 +1,12 @@ -{ modulesPath, lib, ... }: { - imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; - - config = { - # TODO is this needed? - # nix.settings.sandbox = false; - - proxmoxLXC = { - manageNetwork = false; - privileged = false; - }; + lib, + config, + ... +}: +{ + options.my.pxvirtGuest.enable = lib.mkEnableOption "Proxmox LXC guest configuration"; + config = lib.mkIf config.my.pxvirtGuest.enable { # Let Proxmox host handle fstrim services.fstrim.enable = false; diff --git a/nixosModules/quiet-boot.nix b/nixosModules/quiet-boot.nix index d9b59c8..84bae5f 100644 --- a/nixosModules/quiet-boot.nix +++ b/nixosModules/quiet-boot.nix @@ -1,25 +1,34 @@ -{ pkgs, ... }: { - boot = { - kernelParams = [ - "quiet" - "udev.log_level=3" - "udev.log_priority=3" - "rd.systemd.show_status=auto" - ]; - consoleLogLevel = 0; - initrd = { - verbose = false; - systemd.enable = true; # required fpr graphical LUKS prompt - }; - plymouth = { - enable = true; - theme = "catppuccin-mocha"; - themePackages = [ - (pkgs.catppuccin-plymouth.override { - variant = "mocha"; - }) + lib, + config, + pkgs, + ... +}: +{ + options.my.quietBoot.enable = lib.mkEnableOption "quiet boot with Plymouth splash"; + + config = lib.mkIf config.my.quietBoot.enable { + boot = { + kernelParams = [ + "quiet" + "udev.log_level=3" + "udev.log_priority=3" + "rd.systemd.show_status=auto" ]; + consoleLogLevel = 0; + initrd = { + verbose = false; + systemd.enable = true; # required fpr graphical LUKS prompt + }; + plymouth = { + enable = true; + theme = "catppuccin-mocha"; + themePackages = [ + (pkgs.catppuccin-plymouth.override { + variant = "mocha"; + }) + ]; + }; }; }; } diff --git a/nixosModules/secure-boot.nix b/nixosModules/secure-boot.nix index 9bf2c93..948d1c4 100644 --- a/nixosModules/secure-boot.nix +++ b/nixosModules/secure-boot.nix 
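Review bot: The `proxmox-lxc.nix` import via `modulesPath` and the `proxmoxLXC = { manageNetwork = false; privileged = false; }` block are deleted on the new side and nothing in this hunk replaces them, yet the option is still described as "Proxmox LXC guest configuration"; if they moved to a per-host file that is fine, otherwise enabling `my.pxvirtGuest.enable` no longer pulls in the LXC guest module and `privileged` falls back to whatever that module defaults to. A comment stating where the LXC module is now imported, e.g. `# proxmox-lxc.nix and proxmoxLXC.* are set per host; this module only holds guest tweaks`, would make the intent explicit. The `config = lib.mkIf` block continues past the end of the hunk.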
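Review bot: The comment on `systemd.enable = true; # required fpr graphical LUKS prompt` is carried over to the new side with its typo; since the line is rewritten anyway, `# required for graphical LUKS prompt` fixes it for free. Worth a second comment next to `consoleLogLevel = 0`: with `quiet` and log level 0 the early boot messages that matter when an encrypted-disk boot fails are hidden, and because the systemd-boot hunk sets `editor = false` they cannot be re-enabled from the boot menu, so naming the knob to flip (`consoleLogLevel`) saves a guess under pressure.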
@@ -1,28 +1,37 @@ -{ pkgs, lib, ... }: { - # https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md - # To enroll: - # 1. sudo sbctl create-keys - # 2. import this module, rebuild - # 3. Put Secure Boot in Setup mode - # 4. sudo sbctl verify - # 5. sudo sbctl enroll-keys --microsoft - # 6, reboot - # 7. sudo sbctl status + lib, + config, + pkgs, + ... +}: +{ + options.my.secureBoot.enable = lib.mkEnableOption "Secure Boot via lanzaboote"; - environment.systemPackages = [ - # For debugging and troubleshooting Secure Boot. - pkgs.sbctl - ]; + config = lib.mkIf config.my.secureBoot.enable { + # https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md + # To enroll: + # 1. sudo sbctl create-keys + # 2. enable this module, rebuild + # 3. Put Secure Boot in Setup mode + # 4. sudo sbctl verify + # 5. sudo sbctl enroll-keys --microsoft + # 6, reboot + # 7. sudo sbctl status - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - boot.loader.systemd-boot.enable = lib.mkForce false; + environment.systemPackages = [ + # For debugging and troubleshooting Secure Boot. + pkgs.sbctl + ]; - boot.lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + boot.loader.systemd-boot.enable = lib.mkForce false; + + boot.lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; }; } diff --git a/nixosModules/steam.nix b/nixosModules/steam.nix index b0991e6..78bbf71 100644 --- a/nixosModules/steam.nix +++ b/nixosModules/steam.nix 
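Review bot: The gated block sets `boot.lanzaboote.enable` and `pkiBundle`, but neither this hunk nor the new `{ lib, config, pkgs, ... }` header imports the lanzaboote NixOS module, so unless that import happens elsewhere, turning on `my.secureBoot.enable` fails evaluation with an undefined `boot.lanzaboote` option. A comment at the top of the block, `# requires the lanzaboote NixOS module to be imported by the host`, documents the dependency; the stylix hunk has the same shape (`stylix.*` set with no import of the stylix module). The `mkForce false` on `boot.loader.systemd-boot.enable` will also silently override a host that enables the systemd-boot hunk's option at the same time, which deserves a line in the enrollment comment so the precedence is deliberate rather than accidental.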
@@ -1,45 +1,50 @@ +{ lib, config, ... }: { - hardware.steam-hardware.enable = true; + options.my.steam.enable = lib.mkEnableOption "Steam gaming platform"; - programs = { - steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - gamescopeSession.enable = false; + config = lib.mkIf config.my.steam.enable { + hardware.steam-hardware.enable = true; + + programs = { + steam = { + enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; + gamescopeSession.enable = false; + }; + gamemode.enable = true; }; - gamemode.enable = true; - }; - # steam network transfer - networking.firewall = { - allowedUDPPorts = [ 3478 ]; - allowedTCPPorts = [ 24070 ]; + # steam network transfer + networking.firewall = { + allowedUDPPorts = [ 3478 ]; + allowedTCPPorts = [ 24070 ]; - allowedTCPPortRanges = [ - { - from = 27015; - to = 27050; - } - ]; + allowedTCPPortRanges = [ + { + from = 27015; + to = 27050; + } + ]; - allowedUDPPortRanges = [ - { - from = 4379; - to = 4380; - } - { - from = 27000; - to = 27100; - } + allowedUDPPortRanges = [ + { + from = 4379; + to = 4380; + } + { + from = 27000; + to = 27100; + } + ]; + }; + + allowedUnfreePackages = [ + "steam" + "steam-original" + "steam-run" + "steam-unwrapped" ]; }; - - allowedUnfreePackages = [ - "steam" - "steam-original" - "steam-run" - "steam-unwrapped" - ]; } diff --git a/nixosModules/stylix.nix b/nixosModules/stylix.nix index 33ab6ee..4b30dc7 100644 --- a/nixosModules/stylix.nix +++ b/nixosModules/stylix.nix 
@@ -1,86 +1,95 @@ -{ pkgs, config, ... }: { - stylix = { - enable = true; - base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; - override = { - scheme = "Catppuccin Mocha Pride"; + lib, + config, + pkgs, + ... +}: +{ + options.my.stylix.enable = lib.mkEnableOption "Stylix theming (Catppuccin Mocha)"; - base09 = "#6f9dff"; - base0A = "#d162a4"; - base0B = "#a8c9ff"; - base0C = "#a30262"; - - # pink_light = "#d162a4"; - # pink_dark = "#a30262"; - # blue_light = "#5BCEFA"; - # blue_dark = "#4a6bb1"; - - # original values - # base00: "#1e1e2e" # base - - # base01: "#181825" # mantle - # base02: "#313244" # surface0 - # base03: "#45475a" # surface1 - # base04: "#585b70" # surface2 - # base05: "#cdd6f4" # text - # base06: "#f5e0dc" # rosewater - # base07: "#b4befe" # lavender - # base08: "#f38ba8" # red - # base09: "#fab387" # peach - # base0A: "#f9e2af" # yellow - # base0B: "#a6e3a1" # green - # base0C: "#94e2d5" # teal - # base0D: "#89b4fa" # blue - # base0E: "#cba6f7" # mauve - # base0F: "#f2cdcd" # flamingo - - # https://github.com/chriskempson/base16/blob/main/styling.md - # base00 - Default Background - # base01 - Lighter Background (Used for status bars, line number and folding marks) - # base02 - Selection Background - # base03 - Comments, Invisibles, Line Highlighting - # base04 - Dark Foreground (Used for status bars) - # base05 - Default Foreground, Caret, Delimiters, Operators - # base06 - Light Foreground (Not often used) - # base07 - Light Background (Not often used) - # base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted - # base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url - # base0A - Classes, Markup Bold, Search Text Background - # base0B - Strings, Inherited Class, Markup Code, Diff Inserted - # base0C - Support, Regular Expressions, Escape Characters, Markup Quotes - # base0D - Functions, Methods, Attribute IDs, Headings - # base0E - Keywords, Storage, Selector, Markup Italic, Diff 
Changed - # base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. - }; - image = config.lib.stylix.pixel "base00"; - polarity = "dark"; - targets = { - gnome.enable = false; - gtk.enable = false; - gtksourceview.enable = false; - fontconfig.enable = true; - plymouth.enable = false; - }; - fonts = { - sansSerif = { - name = "Inter Nerd Font"; - package = pkgs.inter-nerdfont; - }; - monospace = { - name = "FiraCode Nerd Font Mono"; - package = pkgs.nerd-fonts.fira-code; - }; - }; - icons = { + config = lib.mkIf config.my.stylix.enable { + stylix = { enable = true; - dark = "Adwaita"; - light = "Adwaita"; - package = pkgs.adwaita-icon-theme; - }; - cursor = { - name = "Adwaita"; - size = 16; - package = pkgs.adwaita-icon-theme; + base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; + override = { + scheme = "Catppuccin Mocha Pride"; + + base09 = "#6f9dff"; + base0A = "#d162a4"; + base0B = "#a8c9ff"; + base0C = "#a30262"; + + # pink_light = "#d162a4"; + # pink_dark = "#a30262"; + # blue_light = "#5BCEFA"; + # blue_dark = "#4a6bb1"; + + # original values + # base00: "#1e1e2e" # base - + # base01: "#181825" # mantle + # base02: "#313244" # surface0 + # base03: "#45475a" # surface1 + # base04: "#585b70" # surface2 + # base05: "#cdd6f4" # text + # base06: "#f5e0dc" # rosewater + # base07: "#b4befe" # lavender + # base08: "#f38ba8" # red + # base09: "#fab387" # peach + # base0A: "#f9e2af" # yellow + # base0B: "#a6e3a1" # green + # base0C: "#94e2d5" # teal + # base0D: "#89b4fa" # blue + # base0E: "#cba6f7" # mauve + # base0F: "#f2cdcd" # flamingo + + # https://github.com/chriskempson/base16/blob/main/styling.md + # base00 - Default Background + # base01 - Lighter Background (Used for status bars, line number and folding marks) + # base02 - Selection Background + # base03 - Comments, Invisibles, Line Highlighting + # base04 - Dark Foreground (Used for status bars) + # base05 - Default Foreground, Caret, Delimiters, Operators + # base06 - 
Light Foreground (Not often used) + # base07 - Light Background (Not often used) + # base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted + # base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url + # base0A - Classes, Markup Bold, Search Text Background + # base0B - Strings, Inherited Class, Markup Code, Diff Inserted + # base0C - Support, Regular Expressions, Escape Characters, Markup Quotes + # base0D - Functions, Methods, Attribute IDs, Headings + # base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed + # base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. + }; + image = config.lib.stylix.pixel "base00"; + polarity = "dark"; + targets = { + gnome.enable = false; + gtk.enable = false; + gtksourceview.enable = false; + fontconfig.enable = true; + plymouth.enable = false; + }; + fonts = { + sansSerif = { + name = "Inter Nerd Font"; + package = pkgs.inter-nerdfont; + }; + monospace = { + name = "FiraCode Nerd Font Mono"; + package = pkgs.nerd-fonts.fira-code; + }; + }; + icons = { + enable = true; + dark = "Adwaita"; + light = "Adwaita"; + package = pkgs.adwaita-icon-theme; + }; + cursor = { + name = "Adwaita"; + size = 16; + package = pkgs.adwaita-icon-theme; + }; }; }; } diff --git a/nixosModules/systemd-boot.nix b/nixosModules/systemd-boot.nix index 321a26c..e44f9dc 100644 --- a/nixosModules/systemd-boot.nix +++ b/nixosModules/systemd-boot.nix @@ -1,11 +1,16 @@ +{ lib, config, ... }: { - boot.loader = { - timeout = 3; - efi.canTouchEfiVariables = true; - systemd-boot = { - enable = true; - editor = false; # do not allow changing kernel parameters - consoleMode = "max"; + options.my.systemdBoot.enable = lib.mkEnableOption "systemd-boot bootloader"; + + config = lib.mkIf config.my.systemdBoot.enable { + boot.loader = { + timeout = 3; + efi.canTouchEfiVariables = true; + systemd-boot = { + enable = true; + editor = false; # do not allow changing kernel parameters + consoleMode = "max"; + }; }; }; } 
diff --git a/nixosModules/tailscale.nix b/nixosModules/tailscale.nix index e51ee7f..55295f9 100644 --- a/nixosModules/tailscale.nix +++ b/nixosModules/tailscale.nix @@ -1,8 +1,13 @@ +{ lib, config, ... }: { - services.tailscale = { - enable = true; - openFirewall = true; - }; + options.my.tailscale.enable = lib.mkEnableOption "Tailscale VPN"; - networking.firewall.checkReversePath = "loose"; + config = lib.mkIf config.my.tailscale.enable { + services.tailscale = { + enable = true; + openFirewall = true; + }; + + networking.firewall.checkReversePath = "loose"; + }; } diff --git a/nixosModules/user-muede.nix b/nixosModules/user-muede.nix index 498c5a8..20f9cdb 100644 --- a/nixosModules/user-muede.nix +++ b/nixosModules/user-muede.nix @@ -1,37 +1,46 @@ -{ pkgs, ... }: { - users.users.muede = { - isNormalUser = true; - uid = 1000; - name = "muede"; - description = "müde"; - extraGroups = [ - "networkmanager" - "wheel" - "games" - "dialout" - "podman" - "nginx" - "adbusers" - "kvm" - "input" - "video" + lib, + config, + pkgs, + ... +}: +{ + options.my.users.muede.enable = lib.mkEnableOption "muede user account"; + + config = lib.mkIf config.my.users.muede.enable { + users.users.muede = { + isNormalUser = true; + uid = 1000; + name = "muede"; + description = "müde"; + extraGroups = [ + "networkmanager" + "wheel" + "games" + "dialout" + "podman" + "nginx" + "adbusers" + "kvm" + "input" + "video" + ]; + shell = pkgs.zsh; + autoSubUidGidRange = true; + }; + + nix.settings.trusted-users = [ "muede" ]; + + allowedUnfreePackages = [ + "rider" + "pycharm-professional" + "jetbrains-toolbox" + + "anydesk" + + "vscode-extension-ms-dotnettools-csharp" + + "claude-code" ]; - shell = pkgs.zsh; - autoSubUidGidRange = true; }; - - nix.settings.trusted-users = [ "muede" ]; - - allowedUnfreePackages = [ - "rider" - "pycharm-professional" - "jetbrains-toolbox" - - "anydesk" - - "vscode-extension-ms-dotnettools-csharp" - - "claude-code" - ]; } 
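Review bot: `networking.firewall.checkReversePath = "loose"` in the gated block relaxes reverse-path filtering host-wide, not only on the Tailscale interface, and the hunk gives no reason; as far as I recall the NixOS tailscale module only warns about strict filtering for exit-node and subnet-router use, so on a plain client the line may be unnecessary. A why-comment keeps it from being tightened back or kept by mistake: `# "loose": strict rp_filter breaks exit-node / subnet-router use — confirm this host needs it`.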
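Review bot: `nix.settings.trusted-users = [ "muede" ]` in the gated block lets the user pass arbitrary daemon settings (substituters, sandbox, extra sandbox paths), which the Nix manual describes as root-equivalent, and the hunk gives no reason for needing it. A why-comment such as `# trusted-users is root-equivalent; needed for <reason — TODO>` keeps the grant reviewable; the user-ronja hunk has the same line. `allowedUnfreePackages` is a custom option not declared here, so it presumably comes from a sibling module and enabling this one without it would fail evaluation — worth naming that module in a comment.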
diff --git a/nixosModules/user-ronja.nix b/nixosModules/user-ronja.nix index b374ab9..46319eb 100644 --- a/nixosModules/user-ronja.nix +++ b/nixosModules/user-ronja.nix @@ -1,19 +1,28 @@ -{ pkgs, ... }: { - users.users.ronja = { - isNormalUser = true; - name = "ronja"; - description = "Ronja"; - home = "/home/ronja"; - extraGroups = [ - "networkmanager" - "wheel" - "games" - "podman" - "openvscode-server" - ]; - shell = pkgs.zsh; - }; + lib, + config, + pkgs, + ... +}: +{ + options.my.users.ronja.enable = lib.mkEnableOption "ronja user account"; - nix.settings.trusted-users = [ "ronja" ]; + config = lib.mkIf config.my.users.ronja.enable { + users.users.ronja = { + isNormalUser = true; + name = "ronja"; + description = "Ronja"; + home = "/home/ronja"; + extraGroups = [ + "networkmanager" + "wheel" + "games" + "podman" + "openvscode-server" + ]; + shell = pkgs.zsh; + }; + + nix.settings.trusted-users = [ "ronja" ]; + }; } diff --git a/nixosModules/wine-gaming.nix b/nixosModules/wine-gaming.nix index 8411114..58b0099 100644 --- a/nixosModules/wine-gaming.nix +++ b/nixosModules/wine-gaming.nix @@ -1,22 +1,31 @@ -{ pkgs, ... }: { - hardware = { - graphics = { - enable32Bit = true; - extraPackages = with pkgs; [ mangohud ]; - extraPackages32 = with pkgs; [ mangohud ]; + lib, + config, + pkgs, + ... +}: +{ + options.my.wineGaming.enable = lib.mkEnableOption "Wine gaming (DXVK, MangoHud, xpadneo)"; + + config = lib.mkIf config.my.wineGaming.enable { + hardware = { + graphics = { + enable32Bit = true; + extraPackages = with pkgs; [ mangohud ]; + extraPackages32 = with pkgs; [ mangohud ]; + }; + + xpadneo.enable = true; }; - xpadneo.enable = true; + environment.systemPackages = with pkgs; [ + wineWowPackages.stagingFull + wineWowPackages.fonts + winetricks + dxvk + mangohud + vulkan-tools + mesa-demos + ]; }; - - environment.systemPackages = with pkgs; [ - wineWowPackages.stagingFull - wineWowPackages.fonts - winetricks - dxvk - mangohud - vulkan-tools - mesa-demos - ]; }